In February 2023, we completed a web application security assessment for a new client in the legal field. What followed was a series of hurdles, then jumps and yet more hurdles, which eventually ended in a fully working attack chain and local file inclusion (LFI).
In almost 99% of web application penetration tests, there is usually at least one TLS/SSL-related issue. Typically these are reported with a Low CVSS score, sometimes creeping into a Medium, depending on the application and its uses. We wanted to provide an informative article highlighting the real risks of these issues and how they can negatively impact the security of organisations.